Welcome!
What We Do
At IntelliSystems, our goal is to get Information Technology and telecommunications management out of your way so that you can focus on your business.
Historical PC Business Network: A Brief Overview
Historical PC Business Networks
- Client/Server Architecture
- Local Software, Storage, and Network Resources
- Remote Control of Host PCs
- Terminal Services
- VPN
- Local Firewall
What Is A Firewall?
- A network firewall is a network device that is designed to resist the passage of undesirable network traffic from one side to another
- Primarily, firewalls allow or block network traffic between devices based upon rules set up by the firewall administrator
- A majority of small businesses don't have one
The Purpose of A Firewall?
- Packet Filtering: Manage access to Web sites and file transfers
- Virtual Private Network (VPN): encrypted access to company resources for external authorized users
- Authentication: Manage access to company resources
- Anti-Spoofing: i.e. when an individual attempting to access a blocked service alters the Web address in the message so that the traffic is allowed
The Purpose of A Firewall?
- Network Address Translation (NAT): Conversion of a public IP address to one or many private IP addresses
- Bandwidth management: priority for voice or video, or certain individual network users
- Block undesired network traffic (i.e. streaming audio & video)
- Intrusion Detection: Identify hacker attack patterns, alerts the IT staff, and terminates the connection with the hostile source
- Secondary malware protection
Cloud Computing: A Brief Overview
What Is Cloud Computing
While answering a question regarding cloud computing, Oracle's CEO Larry Ellison responded: "I have no idea what anyone is talking about, it's really just complete gibberish. What is it? When is this idiocy going to stop?"
What Is Cloud Computing
- Clever Re-branding of old ideas
- Confusion: The technology industry loves buzzwords
- Warm & fuzzy marketing term that appeals to buyers
- Cloud computing implies vision
- Implies leveraging the infinite scale of the Internet
- Data ultimately resides in an almost make-believe place known as the cloud
A Sampling of Re-branded Cloud Services
- ASP (application service provider)
- Email Hosting (Gmail, Hotmail, etc.)
- Web Site Hosting
- E-Commerce (Amazon, Volusion, eBay, Yahoo stores)
- Banking, Online Bill pay
- Discussion Forums
- Music sharing and download
A Selection of Cloud Services
- Supplemental Backup
- File Storage
- Telephone System or Line Service
- Applications: Accounting, Sales Management, etc.
- Applications: Microsoft Office 365
- On-Demand Elastic Computing Power
- And much more
The Business Case for the Cloud
- Lower capital costs
- Capital expenditure is converted to an operational expenditure
- Scalability
- Pricing on a utility computing basis is fine-grained with usage-based options
- Reduced burden on IT
- Fewer IT skills are required for implementation
It Doesn't Have to be All or Nothing!
- The foreseeable future likely will reflect a hybrid environment
- Cloud services often will be overlaid on current business technology
- Many applications are simply not available
Device and Location Independence
- Enable users to access systems regardless of the device: PC, iPad, mobile phone, etc.
- Infrastructure is off-site, typically provided by a third party
- Accessed via the Internet, users can connect from anywhere
Dropbox (Google Drive, Microsoft SkyDrive)
- Concerns regarding security
- Rampant reuse of passwords (Gmail, Twitter, Facebook)
- Documents generally unencrypted
- Inability of management to control backup & ownership
What should you do?
- Monitor Dropbox use
- Compare cloud service security
- Beware of lackluster cloud service security practices
- Treat Dropbox as a public repository
- Restrict employees' use: centrally managed file storage
Most Cloud Providers Say: Trust Us, We're Secure
- Don't take them at their word
Assessing A Cloud Provider's Controls
- Questionnaires
- Standardized reports
- Technical audits
- Vulnerability scans
- White Hat penetration attempts
- They should take the same care of your data as you would
Information Week: Cloud Security Survey
- 27% have no plans to use public cloud services
- 48% cite leaks of customer and proprietary data
- The other 73% are worried
- 20% say the cloud provider security is better than their own
- 20% say the cloud provider security is as good as their own
- 19% say the cloud provider is better at some, worse at others
- 6% say the cloud provider security is worse than their own
- 35% say they have no idea (they're going on blind faith)
Companies Considering Cloud Service Should
- Take advantage of readily available security documentation
SSAE 16 Report
- Statements on Standards for Attestation Engagements 16
- Replaces the SAS 70 Report
- Commonly recognized set of auditing standards
- Provider describes its security and technology controls
- Third-party auditor reviews them
- Management attests that the controls are in place
- It doesn't lay out the ideal security environment
- It only describes the controls to which the provider attests
- Each provider's SSAE 16 is likely to contain different descriptions
What does the SSAE 16 Include?
- Five trust services principles
- Security
- Availability
- Processing integrity
- Confidentiality
- Privacy of personal information collected, used, retained, disclosed, and disposed
Cloud Security Alliance (CSA)
- Focused exclusively on security
- Describes best practices for cloud providers (i.e. Encryption, application security)
- Created the Security, Trust & Assurance Registry
- A free registry that documents cloud computing offerings
- Members include: Amazon Web Services, Microsoft Azure, and Terremark
The Vendor Lock-In Problem
- Very little standardization between various cloud providers
- The company is married to the cloud provider
- Expensive & time-consuming to migrate to another provider
- Cloud providers benefit by keeping things proprietary because it locks consumers into their environment
- Understand the exit strategy
Why the Marriage May Fail
- The cloud provider could be bought out by a larger company, and a bunch of policies change
- The cloud provider may increase their leasing costs
- The cloud provider may change the leasing term
- The provider may move abroad, which may conflict with some legal requirements you may have
- Failure to meet security and availability promises
Your System and Data Is Finally Installed and Configured Perfectly
- How do I make sure it's always there when I need it?
- "The poor man pays twice" (Russian Proverb)
What Does A Backup and Disaster Recovery System Look Like?
What Should Be Backed Up?
- Data:
  - Documents
  - Accounting: Payables, Receivables, Inventory
  - Databases: customer contacts, mailing list
  - Customer records: quotes, contracts
  - Email
- Investment in Systems
  - Servers and Server installation
  - Network configuration
Conventional Backup
- Straight data
- Sometimes grandfathered with multiple drives or cartridges
- Pitfalls
  - Does not safeguard network config, programs, and operating system
  - File selections to be backed up may not be up to date
  - Is it working? How do you know?
  - Danger of overwriting previous good data with corrupt data
  - What are the steps to get everything back to how it was?
  - Who's responsible for periodically testing the restore process?
- Media: Tapes, external hard drives, thumb drives
Online Backup
- Examples: Carbonite, Mozy
- Simple document files are backed up
- Problematic
- Cloud limitations
- If files are large, or the collection of files is large
- Seeding
- Concerns with data being compromised
- Loss in shipping
- Unauthorized users gaining access
- Not encrypted
Backup and Disaster Recovery Solution
- Variety of techniques
- Starts with understanding what's important
- What's an acceptable timeframe for downtime?
- If it takes days or weeks, will it put you out of business?
- What is Plan B? (We like to see Plan C, D, and E)
Backup Is Not A Product, It's A Process
Things That Do Not Work
- The backup fairy
- Ignoring the issue and hoping it will go away
- Assuming that someone else is taking care of it
- Assuming nothing will ever happen to your business
- Planning to do something someday
- Assuming that what you have can do what you need
Questions To Ask
- What's being backed up / protected?
- Is it working today?
- How long will it take to get everything back and usable?
- Who's responsible for making sure?
- When was the last fire drill?
- What is the plan if you have a fire, flood, etc.?
- Could the business survive? (50% don't)
Q R S T
- Circle Q if you have questions or if you would like me to follow up
- Circle R if you have a referral or know someone that needs help
- Circle S if you think you might need a speaker at another event
- Circle T if you would like me to follow you on Twitter (write your handle on the back of your card)
Thank you for Attending!!!